PASV mode on FTP

Networking/Security Forums -> Connectivity // Telecommunications // Internet News

Author: TheKingster    Location: UK    Posted: Fri Feb 07, 2003 1:34 pm    Post subject: PASV mode on FTP
    ----
I have an FTP up and running.

When a connection is made, firstly it goes to the router. The router then port forwards the request onto the internal IP address of the box the FTP is running on. To get the whole thing working I had to enable some port triggering for the IP range the FTP is running on, not sure why (if anyone knows please tell me) but it was just a lucky guess.

All's working well and good, except I can't seem to get PASV mode working. It just says connection lost. Users have to take off PASSIVE mode to get it working.

Any ideas?

Author: b4rtm4n    Location: Bi Mon Sci Fi Con    Posted: Fri Feb 07, 2003 1:55 pm    Post subject:
    ----
Mate, what filters are running on router/firewall?

PASV needs clear outbound access to all ports >1023 to work.

Normal needs inbound access to port 20.

Author: TheKingster    Location: UK    Posted: Fri Feb 07, 2003 1:57 pm    Post subject:
    ----
all the way to 65535??

Author: myhatisred    Posted: Fri Feb 07, 2003 4:35 pm    Post subject:
    ----
what kind of router/firewall is it?

Author: b4rtm4n    Location: Bi Mon Sci Fi Con    Posted: Fri Feb 07, 2003 4:45 pm    Post subject:
    ----
TheKingster wrote:
all the way to 65535??


Yep!

PASV chooses a random port >1023 to create its data channel.

Author: myhatisred    Posted: Fri Feb 07, 2003 4:57 pm    Post subject:
    ----
that's interesting, my ftp server only has ports 20 + 21 open and it works on every mode

Author: b4rtm4n    Location: Bi Mon Sci Fi Con    Posted: Fri Feb 07, 2003 4:58 pm    Post subject:
    ----
Outbound

Author: TheKingster    Location: UK    Posted: Fri Feb 07, 2003 5:15 pm    Post subject:
    ----
dunno how to configure just outbound on my router?

it's a Linksys 4 port switch\router.

Author: b4rtm4n    Location: Bi Mon Sci Fi Con    Posted: Fri Feb 07, 2003 5:22 pm    Post subject:
    ----
If all outbound is allowed PASV will work
Normal mode requires inbound access to port 20

Author: TheKingster    Location: UK    Posted: Fri Feb 07, 2003 5:29 pm    Post subject:
    ----
Yeh, can't find where to allow all outbound

Author: b4rtm4n    Location: Bi Mon Sci Fi Con    Posted: Fri Feb 07, 2003 5:30 pm    Post subject:
    ----
http://www.itc.virginia.edu/netsys/faq/dormFTP.html

Rough guide to ftp for those interested

Author: Jason    Posted: Fri Feb 07, 2003 6:01 pm    Post subject:
    ----
This guide is pretty good also:

http://www.isaserver.org/articles/How_the_FTP_protocol_Challenges_Firewall_Security.html

Author: TheKingster    Location: UK    Posted: Fri Feb 07, 2003 6:07 pm    Post subject:
    ----
I know about ftps, that's not what I'm looking for. I have port forwarding on my router that allows me to control inbound but can't see any outbound settings at all.

Author: chris    Location: ~/security-forums    Posted: Fri Feb 07, 2003 6:14 pm    Post subject:
    ----
There are NO outgoing restrictions on the Linksys by default.

PASV can be problematic behind NAT, I'm assuming you want PASV to FTP? Otherwise just turn it off in the FTP client.

I've had similar problems before, some servers with both the control and data FTP ports open it's been fine, others with the exact same incoming and outgoing restrictions haven't.
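
Added example, not part of the thread: in passive mode the server answers PASV with a 227 reply naming the address and port the client must connect to for the data channel, so a server behind NAT fails when that reply carries its internal address or a port the router does not forward. The Python sketch below parses such a reply and reports both conditions; the function names, sample replies, addresses and forwarded port range are constructed assumptions.

```python
import ipaddress
import re

# RFC 959 passive reply: "227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)"
_SIX = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")

def parse_pasv_reply(line):
    """Return (IPv4Address, port) advertised in a 227 reply."""
    line = line.strip()
    m = _SIX.search(line[3:]) if line.startswith("227") else None
    if not m:
        raise ValueError("not a 227 passive-mode reply: %r" % line)
    nums = [int(n) for n in m.groups()]
    if max(nums) > 255:
        raise ValueError("field out of range in %r" % line)
    ip = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    return ip, nums[4] * 256 + nums[5]   # port = p1*256 + p2

def diagnose(line, control_addr, forwarded_ports=()):
    """Reasons a client outside the NAT cannot open the data channel.

    control_addr: address the client reached the server on (port 21).
    forwarded_ports: ports the router forwards inbound to the FTP box.
    """
    ip, port = parse_pasv_reply(line)
    problems = []
    if ip != ipaddress.IPv4Address(control_addr):
        kind = "private" if ip.is_private else "different"
        problems.append("server advertises %s address %s, not %s"
                        % (kind, ip, control_addr))
    if port not in forwarded_ports:
        problems.append("data port %d is not forwarded to the server" % port)
    return problems

# Constructed sample replies; addresses and port range are assumptions.
SAMPLES = [
    "227 Entering Passive Mode (192,168,1,10,195,80)",   # internal address leaked
    "227 Entering Passive Mode (203,0,113,5,4,1)",       # port 1025, not forwarded
    "227 Entering Passive Mode (203,0,113,5,195,85)",    # reachable
]

if __name__ == "__main__":
    for reply in SAMPLES:
        issues = diagnose(reply, "203.0.113.5", range(50000, 50011))
        print(reply, "->", issues or "ok")
```

Many FTP servers let the administrator pin the passive port range and the advertised external address, which keeps the router's forwarding rule narrow; the setting names vary by server.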

Author: TheKingster    Location: UK    Posted: Fri Feb 07, 2003 6:55 pm    Post subject:
    ----
Yeh I know I can do it at the client end and at server end.

No worries I'll just do that.

ITS THE WEEKEND W00000t!!



All times are GMT + 2 Hours